From 730be5ef6bd6d8ffdcaf68f68ce586d0888fb558 Mon Sep 17 00:00:00 2001 From: Oleg Lobanov Date: Sat, 3 Jul 2021 16:56:27 +0200 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..a36dee40 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,26 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 2.x | :white_check_mark: | +| < 2.0 | :x: | + +## Reporting a Vulnerability + +Vulnerabilities should be reported to filebrowser@googlegroups.com - which is a private, maintainer-only group. Maintainers will attempt to respond to/confirm reports within 2-3 days, but if you believe your report to be "critical" to user safety and security, please note as such in the subject. We have tens of thousands of users using our software, and take security vulnerabilities seriously. + +When reporting an issue, where possible, please provide at least: + +* The commit version the issue was identified at +* A proof of concept (plaintext; no binaries) +* Steps to reproduce +* Your recommended remediation(s), if any. + +The FileBrowser team is a volunteer-only effort, and may reach back out for clarification. + +> Note: Please do not open public issues for security issues, as GitHub does not provide facility for private issues, and deleting the issue makes it hard to triage/respond back to the reporter.
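
Review bot: The "Supported Versions" section still carries the template placeholder sentence ("Use this section to tell people about which versions of your project are currently being supported with security updates."), which reads as an instruction to the maintainer rather than as policy; replace it with a sentence stating that only 2.x receives security fixes, matching the table. In "Reporting a Vulnerability", the bullet "The commit version the issue was identified at" is ambiguous, and asking for the commit hash or release tag would be clearer. The section gives a 2-3 day target for responding to or confirming a report but says nothing about what follows confirmation (fix timeline, coordinated disclosure, reporter credit), which is worth adding so reporters know what to expect.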